[February-20-2026] Daily Cybersecurity Threat Report

Posted on

Executive Summary

This report details a series of recent cyber incidents based strictly on the provided draft data from February 20, 2026. The data encompasses 84 distinct cybersecurity events, primarily clustered around data breaches, unauthorized initial access, and website defacements. The threat landscape demonstrates a broad geographic and industrial spread, heavily impacting government sectors, educational institutions, and healthcare organizations across the globe.+4

1. High-Impact Data Breaches and Leaks

Data breaches constitute the most significant portion of the recorded incidents, involving the exposure of sensitive Personally Identifiable Information (PII), government records, and corporate source code.+4

1.1 Government and Public Sector Breaches

Government entities were a primary target for data theft, with several massive datasets allegedly exposed:

  • Government of Zambia: A threat actor named Spirigatito allegedly breached the government, exposing approximately 34.1 million records impacting 15 million individuals.+1
  • The 500 GB dataset reportedly includes full names, dates of birth, gender, national ID numbers, beneficiary IDs, phone numbers, emails, and residential addresses.
  • Bolivian Police DNFR: ExploitBolivia claims to have leaked a database belonging to the National Directorate of Inspection and Collections.
  • The CSV file allegedly contains free-to-download data on over 20,000 police officers, including full names, IDs, addresses, and phone numbers.
  • France (Multiple Incidents): HexDex claims to have leaked data from high-security domains IntraDefGov and InterieurGov (8,861 email agent records).
  • HexDex also claims to have leaked data from the DGSI, DGSE, National Gendarmerie, Police, Ministry of the Armed Forces, and CNIL.
  • Another actor, Angel_Batista, claims to have breached 65k rows of employee data from the National Gendarmerie.
  • Additionally, threaded25msa claims to have breached 12.78 million lines of data from the National Agency for Secure Titles (ANTS).
  • France’s Ministry of the Economy and Finance confirmed unauthorized access to the national bank account registry (FICOBA), compromising an official’s credentials and exposing IBANs, identities, and tax IDs from a registry of 1.2 million accounts.
  • Escuela Venezolana de Planificación (FEVP): GordonFreeman claims to sell a database of 320,000 records containing names, IDs (cédula), emails, phones, and “Carnet de la Patria” identifiers.
  • KPU Kota Tegal (Indonesia): XZeeoneOfc claims to have leaked election commission data including Family Card Numbers, National IDs, and birth details.
  • Government of Mexico City: Alz_157s claims to have leaked files from the Information Network on Violence Against Women.

1.2 Corporate and Enterprise Data Breaches

Several high-profile corporate entities suffered alleged data breaches involving internal data and source code:

  • Meta Platforms: Threat actor CryptoDead advertises a 235GB download of Meta’s LLaMA large language model source code.
  • Microsoft: CryptoDead also claims to have leaked parts of Bing, Bing Maps, and Cortana source code.
  • Wynn Resorts: ShinyHunters claims to have compromised over 800,000 records, including employee data and PII such as SSNs.
  • Stewart & Stevenson Colombia: HighRisk claims to sell a 19GB database containing 3,500+ client contacts, 220k+ related entries, internal documents, and corporate KYC files.
  • Droom (India): GreyMan claims to sell data containing the source code of all projects and vehicle inspection documents.
  • KeepCool (France): 84City claims to sell a database of roughly 400,000 members, including subscriptions, staff records, and gym door access codes.
  • roomvu (Canada): HighRisk claims to have leaked data from the AI-powered real estate marketing platform.
  • Carousell (Singapore): HighRisk claims to have leaked data from the C2C/B2C marketplace via publicly accessible links.
  • Figure Technology Solutions, Inc. (USA): A threat actor named frog claims to have leaked approximately 30,192 records including PII and internal company info.

2. Compromised Credentials and Initial Access

A massive wave of credential leaks and initial access sales was recorded, largely driven by specific threat actor groups.+3

2.1 The “A K U L A v 2 . 2” Campaign

The threat actor group “A K U L A v 2 . 2” was highly active on Telegram, claiming to have leaked login credentials for a wide array of high-profile, global targets:+2

  • Law Enforcement & Justice: Federal Bureau of Investigation (FBI) in the USA , Belgium Police , and the Department of Justice in India.+4
  • Government Administration: General Entertainment Authority (GEA) of Saudi Arabia , Daman Digital Platform (Iraq) , Sistema Integrado de Inteligência da Segurança Pública (Brazil) , Ministry of Finance (Iraq) , Kementerian Ketenagakerjaan Republik Indonesia , and UAE PASS.+4
  • Education (Iraq): University of Baghdad , Polytechnic College – Middle Euphrates Technical University , Imam Al-Kadhim University College , and Al-Mansour University College.+3
  • Private Sector: tasjeel.ae (Computer Software/Engineering, UAE) and Homes Partner Real Estate (UAE).+2

2.2 The “Buscador” Campaign

Another threat actor, “Buscador,” focused heavily on leaking credentials for government and public services via Telegram:+1

  • Government of Telangana (India).
  • Government of Portugal.
  • Social Security (Portugal).
  • Public health Office Purworejo Regency (Indonesia).
  • Hyderabad City Police (India).
  • tracking.cgg.gov.in.

2.3 Initial Access Brokers

Threat actors were also observed selling direct access to compromised infrastructure:

  • Industrial Control Systems: Z-PENTEST ALLIANCE claims to have accessed a Rockwell Automation ICS in an Austrian production facility.+1
  • They allege visibility into Allen-Bradley controllers, HMIs, and the ability to modify settings and influence automated processes.
  • CCTV Systems: NoName057(16) claims unauthorized access to unidentified CCTV cameras in Spain on two separate occasions.+1
  • Corporate Access: * redpin claims to be selling SSH access to WorkSmrt (Canada).
    • Sanguine is allegedly selling admin access to a Brazilian news website.
    • DirkDiggler55 is selling RDP access to a Brazilian store.
    • cosmodrome is selling admin access to a New Zealand online store.

3. Website Defacements

Website defacement was a prominent tactic, largely utilized by hacktivist or politically motivated groups.+2

  • DEFACER INDONESIAN TEAM: This group was responsible for numerous defacements and access leaks.
    • Defacement targets included: Max Lubol (India) , SMK KP Baleendah (Indonesia) , multiple Indian sites including sctimst.ac.in , Grafeez (India) , Mukomuko Mangimbau (Indonesia) , and the Government of Bangli Regency (Indonesia).+4
    • They also leaked credentials/access for Basis Webdevelopment , Money Multiplier , INTI Bearing , Allied Mother & Child Specialized Hospital Ltd , Mesghohestan , Politeknik Negeri Pontianak , and Labplus.+4
  • 0xteam: Targeted real estate and training sites, claiming defacements of Saini Real Estate (Canada) , Blue Echo Realty Group (USA) , and Connecting (Serbia).+2
  • BABAYO EROR SYSTEM: Defaced teethinadayuk.com , WirayanaGeo (Indonesia) , and MCSS99 ALUMNI (Nigeria).+2
  • Nullsec Philippines: Claimed to have defaced multiple subdomains of the Government of Bangladesh.
  • EXADOS: Targeted the Klang Kached Subdistrict Municipality in Thailand.
  • Z-BL4CX-H4T: Defaced proxipreview.com.
  • m0z1ll4s: Defaced meu visual semijoias.

4. Cyber Attacks and Malware Sales

  • Hospital Cyber Attack: The University of Mississippi Medical Center (UMMC) suffered a confirmed cyber attack.
  • IT systems and electronic medical records were taken offline, causing clinic closures and canceled procedures while the investigation is ongoing.
  • Malware Tools: A threat actor named chotabheem is selling an “Admin Panel Cracker”.
  • This Python-based tool is described as a WordPress vulnerability scanner that fingerprints sites, scans themes/plugins, conducts mass target scans, and exploits vulnerabilities.
  • It features automated updates and reporting.

5. Miscellaneous Breaches and Activity

Other notable alleged leaks across various sectors include:

  • Gambling: Yiyi claims to sell a database from Seneté (Paraguay) including CI numbers, IP logs, and session histories.
  • Telecom: reddgilburt claims to sell 600 Vodafone eSIM QR codes in the UK offering unlimited minutes/data.
  • Education: LEAK DATABASE claims to have accessed the UniGest platform of the University of Atlantic (Colombia), exposing 13 databases. XZeeoneOfc claims to have leaked the Pi Fellowship database of Notre Dame Law School. Dz-Al-Qaqa claims unauthorized access to My School (Morocco).+2
  • Services & Security: HighRisk claims data leaks from Pango (USA) and Bluwalk (Portugal).+1
  • Identity Fraud: BlackStoneX is selling “REALDOCS USA,” offering real U.S. identity document packages (driver’s licenses, selfies) for KYC verification in bulk.

Conclusion

Based strictly on the draft data provided , the cybersecurity landscape on February 20, 2026, was characterized by high-volume, automated credential harvesting and severe data breaches impacting both massive corporations (Meta, Microsoft) and critical national infrastructure.+4

The pervasive activity of specific threat groups, particularly “A K U L A v 2 . 2” and “DEFACER INDONESIAN TEAM,” suggests highly coordinated campaigns targeting vulnerable administrative panels and login portals globally. Furthermore, the exposure of Industrial Control Systems (ICS) and massive citizen datasets (such as the 34 million records from Zambia) highlights a critical vulnerability in government and manufacturing sectors. The sheer volume of compromised credentials distributed freely via Telegram channels indicates a trend toward rapid commodification of initial access.+4

Detected Incidents Draft Data

  1. Alleged Data Breach of roomvu
    Category: Data Breach
    Content: Threat actor claims to have leaked data associated with Roomvu, a Vancouver-based AI-powered real estate marketing platform
    Date: 2026-02-20T23:51:35Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/276542/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/807a545d-7d74-417c-9d60-e3703bf8e805.png
    Threat Actors: HighRisk
    Victim Country: Canada
    Victim Industry: Real Estate
    Victim Organization: roomvu
    Victim Site: roomvu.com
  2. Alleged leak of login credentials to Basis Webdevelopment
    Category: Initial Access
    Content: The threat actor shares a WordPress login URL associated with basiswebdevelopment.nl and provides what appears to be valid credentials, suggesting potential unauthorized administrative or user-level access.
    Date: 2026-02-20T23:10:18Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/980
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/742806d8-b804-41dc-997c-9919b3d7bb06.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Netherlands
    Victim Industry: Information Technology (IT) Services
    Victim Organization: basis webdevelopment
    Victim Site: basiswebdevelopment.nl
  3. Alleged unauthorized Access to an WorkSmrt Automation Platform
    Category: Initial Access
    Content: The threat actor claims to be selling SSH access to worksmrt.ca, which belongs to WorkSmrt, an automation platform that provides booking, POS integration, and business workflow tools.
    Date: 2026-02-20T22:48:43Z
    Network: openweb
    Published URL: https://darkforums.me/Thread-Selling-worksmrt-ca-SSH-Access-for-Sale
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/39fe2f87-109e-4a19-8d8b-59d71a5b2097.png
    Threat Actors: redpin
    Victim Country: Canada
    Victim Industry: Information Technology (IT) Services
    Victim Organization: worksmrt
    Victim Site: worksmrt.ca
  4. Alleged data breach of Escuela Venezolana de Planificación (FEVP)
    Category: Data Breach
    Content: The threat actor claims to be selling a database allegedly belonging to the Escuela Venezolana de Planificación (FEVP), a Venezuelan government-affiliated institution.the dataset contains approximately 320,000 records and includes sensitive personal information such as full names, national ID numbers (cédula), email addresses, phone numbers, system entry dates, and “Carnet de la Patria” identifiers.
    Date: 2026-02-20T22:40:17Z
    Network: openweb
    Published URL: https://darkforums.me/Thread-Selling-320k-FEVP-Venezuela-Email-Phone-Number-Full-Name-C%C3%A9dula-Card-Patria-ID
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3bf4870a-fe99-4773-ba17-9cfc395df92e.png
    https://d34iuop8pidsy8.cloudfront.net/3c243c8c-7aa2-40b9-9a6e-e59793b9aaf7.png
    Threat Actors: GordonFreeman
    Victim Country: Venezuela
    Victim Industry: Government & Public Sector
    Victim Organization: escuela venezolana de planificación (fevp)
    Victim Site: fevp.gob.ve
  5. Alleged Sale of Vodafone eSim in UK
    Category: Data Breach
    Content: The threat actor claims to be selling 600 Vodafone eSIM QR codes in UK, allegedly providing unlimited minutes, SMS, and internet access.
    Date: 2026-02-20T22:29:42Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/276528/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e80a8742-1a15-4bed-b74d-78fe0fe7a96c.png
    Threat Actors: reddgilburt
    Victim Country: UK
    Victim Industry: Network & Telecommunications
    Victim Organization: Unknown
    Victim Site: Unknown
  6. Alleged data leak of Seneté (Paraguayan gambling platform)
    Category: Data Breach
    Content: The threat actor claims to be selling a database allegedly belonging to Seneté, a Paraguayan gambling platform. the dataset includes full names, national ID numbers (CI), email addresses, phone numbers, home addresses, IP logs, account metadata, session histories, and other user activity details.
    Date: 2026-02-20T22:16:38Z
    Network: openweb
    Published URL: https://darkforums.me/Thread-DATABASE-SALE-500K-Paraguay-PII-Full-Records-%E2%80%93-CI-Email-IP-Address-%E2%80%93-Cheap-Bulk
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/98af35ab-57be-4466-921a-6abe07e8674a.png
    Threat Actors: Yiyi
    Victim Country: Paraguay
    Victim Industry: Gambling & Casinos
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Alleged leak of login credentials to tasjeel.ae
    Category: Data Breach
    Content: The group claims to have leaked login credentials to tasjeel.ae
    Date: 2026-02-20T22:09:00Z
    Network: telegram
    Published URL: https://t.me/c/1943303299/1073794
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1f05f2d8-23b4-4fa7-9bdd-b49d8d3ba0e9.jpg
    Threat Actors: A K U L A v 2 . 2
    Victim Country: UAE
    Victim Industry: Computer Software/Engineering
    Victim Organization: tasjeel.ae
    Victim Site: tasjeel.ae
  8. Alleged data leak of Bolivian Police DNFR
    Category: Data Breach
    Content: The threat actor claims to have leaked a database belonging to the Bolivian Police’s National Directorate of Inspection and Collections (DNFR). the dataset allegedly contains information on more than 20,000 police officers in CSV format for free download. The exposed fields include full names, identification numbers, home addresses, phone numbers, email addresses, and other personal data, indicating a significant law enforcement data breach.
    Date: 2026-02-20T22:08:40Z
    Network: openweb
    Published URL: https://darkforums.me/Thread-BOLIVIAN-POLICE-%E2%80%93-NATIONAL-DIRECTORATE-OF-INSPECTION-AND-COLLECTIONS-DNFR-LEAK
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ed0a5062-1d4d-4ac6-8f79-c2398699a3e8.png
    Threat Actors: ExploitBolivia
    Victim Country: Bolivia
    Victim Industry: Government & Public Sector
    Victim Organization: Unknown
    Victim Site: Unknown
  9. Alleged leak of login credentials to General Entertainment Authority (GEA) of Saudi Arabia
    Category: Data Breach
    Content: The group claims to have leaked login credentials to General Entertainment Authority (GEA) of Saudi Arabia
    Date: 2026-02-20T21:49:12Z
    Network: telegram
    Published URL: https://t.me/c/1943303299/1073879
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/eba921fe-43af-43c0-b2ee-808fb5aec609.jpg
    Threat Actors: A K U L A v 2 . 2
    Victim Country: Saudi Arabia
    Victim Industry: Government Administration
    Victim Organization: general entertainment authority (gea) of saudi arabia
    Victim Site: gea.gov.sa
  10. Alleged leak of login access to Money Multiplier
    Category: Initial Access
    Content: The group claims to have leaked login access belonging to Money Multiplier.
    Date: 2026-02-20T21:39:25Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/980
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2e14fbf2-4556-435d-a46c-b29f95d51aa2.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: India
    Victim Industry: Financial Services
    Victim Organization: money multiplier
    Victim Site: dhannuvavetar.com
  11. Alleged Sale of Unauthorized Admin access to INTI Bearing
    Category: Initial Access
    Content: The threat actor claims to have obtained valid administrative credentials for the organization’s website (WordPress login panel), indicating potential initial access via compromised admin login.
    Date: 2026-02-20T21:22:53Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/980
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/55e3d5fa-5a35-4e10-9725-6e7624bce760.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: China
    Victim Industry: Manufacturing & Industrial Products
    Victim Organization: inti bearing
    Victim Site: inti-bearing.com
  12. Alleged leak of login credentials to Allied Mother & Child Specialized Hospital Ltd
    Category: Initial Access
    Content: The group claims to have leaked login credentials to Allied Mother & Child Specialized Hospital Ltd.
    Date: 2026-02-20T21:20:00Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/980
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e15143b1-df18-4231-8102-6ef6c03eb8d7.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Bangladesh
    Victim Industry: Hospital & Health Care
    Victim Organization: allied mother & child specialized hospital ltd
    Victim Site: alliedhospitalbd.com
  13. Alleged leak of login credentials to Mesghohestan
    Category: Initial Access
    Content: The group claims to have leaked login credentials to Mesghohestan
    Date: 2026-02-20T21:15:22Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/980
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/06dddfce-672d-4e4d-ae75-9c4adb79ac15.jpg
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Iran
    Victim Industry: Arts & Crafts
    Victim Organization: mesghohestan
    Victim Site: mesghohestany.ir
  14. Alleged leak of login credentials to Politeknik Negeri Pontianak
    Category: Initial Access
    Content: The group claims to have leaked login credentials to Politeknik Negeri Pontianak.
    Date: 2026-02-20T20:43:05Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/980
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/19cb7649-32d1-485a-b616-5a15fa840061.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Indonesia
    Victim Industry: Higher Education/Acadamia
    Victim Organization: politeknik negeri pontianak
    Victim Site: ppid.polnep.ac.id
  15. Alleged leak of login credentials to Labplus
    Category: Initial Access
    Content: The group claims to have leaked login credentials to Labplus
    Date: 2026-02-20T20:35:10Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/980
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9e96ab7b-e193-4b5d-a7fa-bc1af595ed2c.jpg
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Poland
    Victim Industry: Healthcare & Pharmaceuticals
    Victim Organization: labplus
    Victim Site: lab-plusinternational.com
  16. DEFACER INDONESIAN TEAM targets the website of Max Lubol
    Category: Defacement
    Content: The group claims to have defaced the wesite of Max Lubol
    Date: 2026-02-20T20:31:14Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/977
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ddeae5f5-33a7-4242-aa21-b07764fa2ff3.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: India
    Victim Industry: Automotive
    Victim Organization: max lubol
    Victim Site: maxlubol.com
  17. DEFACER INDONESIAN TEAM targets the website of SMK KP Baleendah
    Category: Defacement
    Content: The group claims to have defaced the website of SMK KP Baleendah
    Date: 2026-02-20T20:20:47Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/978
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/98200874-6093-4e23-b3a7-29e99b2e69f6.jpg
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: smk kp baleendah
    Victim Site: smkkpbe.sch.id
  18. DEFACER INDONESIAN TEAM targers multiple websites in India
    Category: Defacement
    Content: The group claims to have defaced multiple websites in India which include:sctimst.ac.invipercleaning.inkpsoft.in
    Date: 2026-02-20T20:17:52Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/978
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cb0bdc24-480d-4c12-be75-00935721030d.jpg
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: sctimst.ac.in
  19. Alleged Sale of Unauthorized Admin Access to Brazilian News Website
    Category: Initial Access
    Content: The threat actor claims to be selling administrative access to the Brazilian news website.
    Date: 2026-02-20T20:02:32Z
    Network: openweb
    Published URL: https://darkforums.me/Thread-Selling-Access-Brazil-News
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c2e535de-17d3-4723-b1c5-3f4d55effbf3.png
    Threat Actors: Sanguine
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  20. DEFACER INDONESIAN TEAM targets the website of Grafeez
    Category: Defacement
    Content: The group claims to have defaced the website of Grafeez.
    Date: 2026-02-20T19:01:20Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/975
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6900634f-ed33-4bbd-95e5-59abdc8b8682.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: India
    Victim Industry: Printing
    Victim Organization: grafeez
    Victim Site: grafeez.in
  21. Nullsec Philippines targets multiple subdomains of Government of Bangladesh
    Category: Defacement
    Content: The group claims to have deface multiple subdomains of Government of Bangladesh.
    Date: 2026-02-20T18:23:09Z
    Network: telegram
    Published URL: https://t.me/nullsechackers/824
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/55d51357-8625-411b-80dc-b37d0dbd8463.png
    Threat Actors: Nullsec Philippines
    Victim Country: Bangladesh
    Victim Industry: Government Administration
    Victim Organization: government of bangladesh
    Victim Site: en.sfcnavy.gov.bd
  22. Alleged data breach of Meta Platforms
    Category: Data Breach
    Content: The threat actor advertises a download of Meta’s LLaMA large language model, allegedly totaling 235GB.
    Date: 2026-02-20T17:50:59Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-SOURCE-CODE-Meta-LLaMA-235GB
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d2dec418-524b-4a84-9397-0eeca56f2c94.png
    Threat Actors: CryptoDead
    Victim Country: USA
    Victim Industry: Information Technology (IT) Services
    Victim Organization: Unknown
    Victim Site: Unknown
  23. Alleged leak of login credentials to University of Baghdad
    Category: Data Breach
    Content: The group claims to have leaked login credentials to University of Baghdad
    Date: 2026-02-20T17:40:42Z
    Network: telegram
    Published URL: https://t.me/c/1943303299/1073409
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/32807ce3-fd75-47c1-b150-36ed0db1bf17.jpg
    Threat Actors: A K U L A v 2 . 2
    Victim Country: Iraq
    Victim Industry: Education
    Victim Organization: university of baghdad
    Victim Site: inle.uobaghdad.edu.iq
  24. Alleged data breach of KPU Kota Tegal
    Category: Data Breach
    Content: A threat actor claims to have leaked data belonging to KPU Kota Tegal, the regional office of Indonesia’s election commission. the exposed data includes Family Card Numbers (No KK), National Identification Numbers (NIK), full names, dates and places of birth, residential addresses, village or ward details, and subdistrict information.
    Date: 2026-02-20T17:29:09Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-DOCUMENTS-Data-KPU-Tegal-City-Indonesia
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2d0b3fd9-346b-4cc7-bdec-2e925fe104a6.png
    Threat Actors: XZeeoneOfc
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: kpu kota tegal
    Victim Site: kota-tegal.kpu.go.id
  25. Alleged data breach of Azaé
    Category: Data Breach
    Content: A threat actor claims to have leaked a database allegedly belonging to Azaé, a French home services provider.
    Date: 2026-02-20T17:24:16Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-DATABASE-FR-Azae-com-7-5K
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f7483c17-bcb9-42f6-af6d-009aa1cf7bdd.png
    Threat Actors: naim1337
    Victim Country: France
    Victim Industry: Consumer Services
    Victim Organization: azaé
    Victim Site: azae.com
  26. Alleged data breach of Microsoft
    Category: Data Breach
    Content: A threat actor claims to have leaked source code from Microsoft. The data allegedly includes parts of Bing, Bing Maps, and Cortana source code.
    Date: 2026-02-20T16:58:07Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-SOURCE-CODE-Microsoft-Okta-Scattered
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b766b397-8663-457d-82c6-ab21052f5423.png
    Threat Actors: CryptoDead
    Victim Country: USA
    Victim Industry: Information Technology (IT) Services
    Victim Organization: microsoft
    Victim Site: microsoft.com
  27. EXADOS targets the website of Klang Kached Subdistrict Municipality
    Category: Defacement
    Content: The group claims to have defaced the website of Klang Kached Subdistrict Municipality
    Date: 2026-02-20T16:53:39Z
    Network: telegram
    Published URL: https://t.me/EXA_DOS_KH/159
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/99ac8326-5675-4761-a44f-6c321abe1196.jpg
    Threat Actors: EXADOS
    Victim Country: Thailand
    Victim Industry: Government Administration
    Victim Organization: klang kached subdistrict municipality
    Victim Site: klangkachedcity.go.th
  28. Alleged leak of login credentials to Polytechnic College – Middle Euphrates Technical University
    Category: Data Breach
    Content: The group claims to have leaked login credentials to Polytechnic College – Middle Euphrates Technical University
    Date: 2026-02-20T16:40:35Z
    Network: telegram
    Published URL: https://t.me/c/1943303299/1073171
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/854ad35f-5977-4fef-a081-9d46d64dd8bb.png
    Threat Actors: A K U L A v 2 . 2
    Victim Country: Iraq
    Victim Industry: Education
    Victim Organization: polytechnic college – middle euphrates technical university
    Victim Site: ikr.atu.edu.iq
  29. Alleged Sale of Admin Panel Cracker
    Category: Malware
    Content: Threat Actor claims to be selling an Admin Panel Cracker tool, described as a Python-based WordPress vulnerability scanner capable of fingerprinting sites, scanning themes and plugins for weaknesses, conducting mass target scans, and exploiting discovered vulnerabilities. It has features such as detailed reporting, automated updates for vulnerability databases, and instructions for installation and usage, indicating the tool is intended for identifying and potentially gaining unauthorized access to admin panels.
    Date: 2026-02-20T16:25:09Z
    Network: openweb
    Published URL: http://185.206.215.219/threads/66312/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/64c6abc7-7983-4f44-892d-e5d6315328c7.png
    https://d34iuop8pidsy8.cloudfront.net/5898249c-fade-4775-9fd7-d61720482c77.png
    Threat Actors: chotabheem
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  30. Alleged leak of login credentials to Imam Al-Kadhim University College
    Category: Data Breach
    Content: The group claims to have leaked login credentials to Imam Al-Kadhim University College
    Date: 2026-02-20T16:15:06Z
    Network: telegram
    Published URL: https://t.me/c/1943303299/1073145
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b7e1ac33-1096-46aa-920f-783d50fcf0e1.jpg
    Threat Actors: A K U L A v 2 . 2
    Victim Country: Iraq
    Victim Industry: Education
    Victim Organization: imam al-kadhim university college
    Victim Site: iku.edu.iq
  31. Alleged leak of login credentials to Al-Mansour University College
    Category: Data Breach
    Content: The group claims to have leaked login credentials to Al-Mansour University College
    Date: 2026-02-20T16:09:36Z
    Network: telegram
    Published URL: https://t.me/c/1943303299/1073126
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f3065c67-8a77-47b8-91ff-cfa2b8f41e05.jpg
    Threat Actors: A K U L A v 2 . 2
    Victim Country: Iraq
    Victim Industry: Education
    Victim Organization: al-mansour university college
    Victim Site: muc.edu.iq
  32. Alleged Data Breach of University of Atlantic
    Category: Data Breach
    Content: The group claims to have accessed a database of the UniGest platform hosted at ops.suit-ua.com, alleging exposure of 13 databases including administrative, backup, and system schemas such as admin_ua_bys_db and multiple dated backups from early 2024.
    Date: 2026-02-20T15:58:26Z
    Network: telegram
    Published URL: https://t.me/c/2552217515/346
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ba3037c3-9278-45e3-933d-984a59c966d0.png
    Threat Actors: LEAK DATABASE
    Victim Country: Colombia
    Victim Industry: Education
    Victim Organization: university of atlantic
    Victim Site: ops.suit-ua.com
  33. Alleged data leak of Government of Zambia
    Category: Data Breach
    Content: A threat actor claims to have breached the Government of Zambia, alleging the exposure of approximately 34.1 million records impacting around 15 million individuals, with a total dataset size of about 500 GB. the leaked data allegedly contains highly sensitive personal and government programme information, including full names, dates of birth, gender, national ID and beneficiary ID numbers, phone numbers, email addresses, and residential addresses
    Date: 2026-02-20T15:47:39Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-SELLING-Government-of-Zambia-34M
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6c3c5642-8fb5-4be5-9c04-d5ba15eaacfb.png
    https://d34iuop8pidsy8.cloudfront.net/1e0b61ff-2181-4a4d-b137-b22df33d8a0d.png
    https://d34iuop8pidsy8.cloudfront.net/14ecc640-b815-4802-b572-6432c21ddfb7.png
    Threat Actors: Spirigatito
    Victim Country: Zambia
    Victim Industry: Government & Public Sector
    Victim Organization: Unknown
    Victim Site: Unknown
  34. Alleged unauthorized Access to an unidentified CCTV cameras in Spain
    Category: Initial Access
    Content: The group claims to have gained alleged unauthorized access to an unidentified CCTV cameras in Spain.
    Date: 2026-02-20T15:14:28Z
    Network: telegram
    Published URL: https://t.me/c/2787466017/2416
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/99b8cf49-02e1-4a70-bb81-e93bdb7dc34b.jpg
    Threat Actors: NoName057(16)
    Victim Country: Spain
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  35. DEFACER INDONESIAN TEAM targets the website of Mukomuko Mangimbau
    Category: Defacement
    Content: The group claims to have defaced the website of Mukomuko Mangimbau.
    Date: 2026-02-20T15:01:19Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/973
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/77e766b3-bb28-41eb-bb17-5028fc4581dd.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Indonesia
    Victim Industry: Newspapers & Journalism
    Victim Organization: mukomuko mangimbau
    Victim Site: mukomuko-mangimbau.com
  36. Alleged data breach of KeepCool
    Category: Data Breach
    Content: Threat actor claims to be selling a database from KeepCool. The compromised data reportedly includes approximately 400,000 members, along with staff and operational gym data. as well as sensitive internal data such as staff/coach records and gym door access codes.
    Date: 2026-02-20T14:54:24Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-SELLING-FR-KeepCool-Breach-2026-Full-PII-Subscriptions-Staff-400k-Members
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6dc22628-778b-4684-8728-fbd42ed0c104.png
    https://d34iuop8pidsy8.cloudfront.net/dddaa13c-ee17-4645-9de8-6a8d86d36a54.png
    Threat Actors: 84City
    Victim Country: France
    Victim Industry: Health & Fitness
    Victim Organization: keep cool
    Victim Site: keepcool.fr
  37. Alleged leak of login credentials to Daman Digital Platform
    Category: Data Breach
    Content: The group claims to have leaked login credentials to Daman Digital Platform
    Date: 2026-02-20T14:46:07Z
    Network: telegram
    Published URL: https://t.me/c/1943303299/1072787
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f077e6af-e649-450d-a530-6e77ee156b78.png
    Threat Actors: A K U L A v 2 . 2
    Victim Country: Iraq
    Victim Industry: Government Administration
    Victim Organization: daman digital platform
    Victim Site: rss.gov.iq
  38. Alleged leak of login credentials to Sistema Integrado de Inteligência da Segurança Pública do Estado do Espírito Santo
    Category: Data Breach
    Content: The group claims to have leaked login credentials to Sistema Integrado de Inteligência da Segurança Pública do Estado do Espírito Santo.
    Date: 2026-02-20T14:24:48Z
    Network: telegram
    Published URL: https://t.me/c/1943303299/1072746
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e266a287-cb30-4ff0-9cea-664555b66d23.png
    Threat Actors: A K U L A v 2 . 2
    Victim Country: Brazil
    Victim Industry: Government Administration
    Victim Organization: sistema integrado de inteligência da segurança pública do estado do espírito santo
    Victim Site: portal.sisp.es.gov.br
  39. Alleged leak of login credentials to Belgium Police
    Category: Data Breach
    Content: The group claims to have leaked login credentials to Belgium Police.
    Date: 2026-02-20T14:21:35Z
    Network: telegram
    Published URL: https://t.me/c/1943303299/1072750
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e8e5ef8b-7724-4a74-b3de-a6466d04012c.png
    Threat Actors: A K U L A v 2 . 2
    Victim Country: Belgium
    Victim Industry: Law Enforcement
    Victim Organization: belgium police
    Victim Site: police.be
  40. Alleged leak of login credentials to Homes Partner Real Estate
    Category: Data Breach
    Content: The group claims to have leaked login credentials to Homes Partner Real Estate.
    Date: 2026-02-20T14:05:30Z
    Network: telegram
    Published URL: https://t.me/c/1943303299/1072329
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/60c3b623-a718-499c-99a9-2e6b136f8bf9.png
    Threat Actors: A K U L A v 2 . 2
    Victim Country: UAE
    Victim Industry: Real Estate
    Victim Organization: homes partner real estate
    Victim Site: homespartner.ae
  41. Alleged leak of login credentials to Ministry of Finance (Iraq)
    Category: Data Breach
    Content: The group claims to have leaked login credentials to Ministry of Finance (Iraq).
    Date: 2026-02-20T13:52:48Z
    Network: telegram
    Published URL: https://t.me/c/1943303299/1072821
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/061c101c-57c7-4f6f-9263-93354ac2c117.jpg
    Threat Actors: A K U L A v 2 . 2
    Victim Country: Iraq
    Victim Industry: Government Administration
    Victim Organization: ministry of finance
    Victim Site: mof.gov.iq
  42. Alleged Unauthorized Access to Rockwell Automation Industrial Control Systems in Austria
    Category: Initial Access
    Content: The group claims to have accessed a Rockwell Automation industrial control system deployed at a production facility in Austria, reportedly gaining visibility into Allen-Bradley controllers, HMI interfaces, configuration files, documentation, and real-time monitoring data. They allege the ability to modify settings and influence automated processes within the facility’s industrial infrastructure
    Date: 2026-02-20T13:51:51Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/1087
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5e000dbd-fe0a-4710-a40b-9af0d4b42202.png
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: Austria
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  43. Alleged data breach of the National Agency for Secure Titles
    Category: Data Breach
    Content: The threat actor claims to have breached 12.78M lines of data from the National Agency for Secure Titles (ANTS), allegedly containing name, email, adrress, dob and more.
    Date: 2026-02-20T13:42:16Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-DATABASE-ANTS
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/361aebc5-4fa3-4a7a-8775-b5093a3b8609.png
    Threat Actors: threaded25msa
    Victim Country: France
    Victim Industry: Government Administration
    Victim Organization: national agency for secure titles
    Victim Site: ants.gouv.fr
  44. Alleged leak of login credentials to Federal Bureau of Investigation (FBI)
    Category: Data Breach
    Content: The group claims to have leaked login credentials to Federal Bureau of Investigation (FBI).
    Date: 2026-02-20T13:41:00Z
    Network: telegram
    Published URL: https://t.me/c/1943303299/1072759
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d752d273-7d63-451e-be95-9f0fe2d155e2.png
    Threat Actors: A K U L A v 2 . 2
    Victim Country: USA
    Victim Industry: Law Enforcement
    Victim Organization: federal bureau of investigation (fbi)
    Victim Site: fbi.gov
  45. Alleged leak of login credentials to DEPARTMENT OF JUSTICE
    Category: Data Breach
    Content: The group claims to have leaked login credentials to DEPARTMENT OF JUSTICE
    Date: 2026-02-20T13:22:24Z
    Network: telegram
    Published URL: https://t.me/c/1943303299/1072763
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8924f528-a44f-4c14-9b42-4d2e1036a0f1.png
    Threat Actors: A K U L A v 2 . 2
    Victim Country: India
    Victim Industry: Government & Public Sector
    Victim Organization: department of justice
    Victim Site: doj.gov
  46. Alleged data breach of Figure Technology Solutions, Inc.
    Category: Data Breach
    Content: The threat actor claims to have leaked approximately 30,192 of records allegedly belonging to Figure Technology Solutions, Inc., including PII and internal company information.
    Date: 2026-02-20T13:22:01Z
    Network: openweb
    Published URL: https://leakbase.la/threads/figure-com-leak.48980/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1ca9c1af-19fc-454c-a8b5-b4542ef520f1.png
    Threat Actors: frog
    Victim Country: USA
    Victim Industry: Financial Services
    Victim Organization: figure technology solutions, inc.
    Victim Site: figure.com
  47. Alleged leak of login credentials to Government of Telangana
    Category: Data Breach
    Content: The group claims to have leaked login credentials to Government of Telangana.
    Date: 2026-02-20T13:19:29Z
    Network: telegram
    Published URL: https://t.me/c/2451084701/580028
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/42afb488-40b0-4ef9-bc08-303a44c37767.png
    Threat Actors: Buscador
    Victim Country: India
    Victim Industry: Government Administration
    Victim Organization: government of telangana
    Victim Site: tgobmms.cgg.gov.in
  48. Alleged data breach of Government of Mexico City
    Category: Data Breach
    Content: The threat actor claims to have leaked a database allegedly containing files from the Information Network on Violence Against Women of Mexico City.
    Date: 2026-02-20T13:07:34Z
    Network: openweb
    Published URL: https://darkforums.me/Thread-DATABASE-DATA-LEAK-OF-GOB-CDMX
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/36c56738-5738-4268-ae2f-8dbfce3dcc3e.png
    Threat Actors: Alz_157s
    Victim Country: Mexico
    Victim Industry: Government Administration
    Victim Organization: government of mexico city
    Victim Site: cdmx.gob.mx
  49. Z-BL4CX-H4T targets the website of proxipreview.com
    Category: Defacement
    Content: The Group claims to have defaced the website of proxipreview.com.
    Date: 2026-02-20T13:04:25Z
    Network: telegram
    Published URL: https://t.me/c/3027611821/407
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/072643a3-0a53-4032-adf6-a280d52d5273.png
    Threat Actors: Z-BL4CX-H4T
    Victim Country: Unknown
    Victim Industry: Information Technology (IT) Services
    Victim Organization: Unknown
    Victim Site: booking-system.proxipreview.com
  50. Alleged Data Leak of IntraDefGov & InterieurGov
    Category: Data Breach
    Content: Threat actor claims to have leaked data of high-security French government domains IntraDefGov & InterieurGov. The compromised information reportedly contains a total of 8,861 unique email agent records.
    Date: 2026-02-20T13:02:14Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-COLLECTION-FR-IntraDefGouv-InterieurGouv-Final-Thread
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/12363315-cfaf-4eb8-8dd3-bb83c79973d9.png
    Threat Actors: HexDex
    Victim Country: France
    Victim Industry: Government Administration
    Victim Organization: Unknown
    Victim Site: Unknown
  51. BABAYO EROR SYSTEM targets the website of teethinadayuk.com
    Category: Defacement
    Content: The group claims to have defaced the website of teethinadayuk.com
    Date: 2026-02-20T12:20:28Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/965
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7eba8e48-f5c6-418f-9940-a7072e029e84.jpg
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: teethinadayuk.com
  52. Alleged leak of login credentials to Government of Portugal
    Category: Data Breach
    Content: The group claims to have leaked login credentials to Government of Portugal.
    Date: 2026-02-20T12:13:20Z
    Network: telegram
    Published URL: https://t.me/c/2451084701/579601
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b6c174ca-2843-4378-b172-3b06200ce28a.png
    Threat Actors: Buscador
    Victim Country: Portugal
    Victim Industry: Government Administration
    Victim Organization: government of portugal
    Victim Site: acesso.gov.pt
  53. Alleged leak of login credentials to Social Security
    Category: Data Breach
    Content: The group claims to have leaked login credentials to Social Security.
    Date: 2026-02-20T12:00:03Z
    Network: telegram
    Published URL: https://t.me/c/2451084701/579631
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a47b0f33-4c44-40f7-931b-73b8f943be3a.png
    Threat Actors: Buscador
    Victim Country: Portugal
    Victim Industry: Government Administration
    Victim Organization: social security
    Victim Site: seg-social.pt
  54. Alleged leak of login credentials to Public health Office Purworejo Regency
    Category: Data Breach
    Content: The group claims to have leaked login credentials to Public health Office Purworejo Regency.
    Date: 2026-02-20T11:44:56Z
    Network: telegram
    Published URL: https://t.me/c/2451084701/579619
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/464e1e5d-6f43-40f2-860d-c596164c9c23.png
    Threat Actors: Buscador
    Victim Country: Indonesia
    Victim Industry: Hospital & Health Care
    Victim Organization: public health office purworejo regency
    Victim Site: dinkes.purworejokab.go.id
  55. Alleged leak of login credentials to tracking.cgg.gov.in
    Category: Data Breach
    Content: The group claims to have leaked login credentials to tracking.cgg.gov.in.
    Date: 2026-02-20T11:27:17Z
    Network: telegram
    Published URL: https://t.me/c/2451084701/579766
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/03c34449-3a03-4992-bf94-2c66e6362708.png
    Threat Actors: Buscador
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: tracking.cgg.gov.in
  56. Alleged unauthorized access to My School
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to My School.
    Date: 2026-02-20T11:21:55Z
    Network: telegram
    Published URL: https://t.me/Abu_Alqe3Qa3/16
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/37bc4e71-50e1-4d76-926c-acf95e76350e.png
    Threat Actors: Dz-Al-Qaqa
    Victim Country: Morocco
    Victim Industry: Education
    Victim Organization: my school
    Victim Site: dyrassa.ma
  57. Alleged data sale of Droom
    Category: Data Breach
    Content: The threat actor claims to be selling data from Droom, allegedly containing the source code of all their projects, vehicle inspection documents, and more.
    Date: 2026-02-20T11:20:46Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-SELLING-Indian-Automobile-Unicorn-Fresh-DB–188587
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/930da92e-3074-4977-9a1f-f68a8c7301d0.png
    https://d34iuop8pidsy8.cloudfront.net/719dffc0-c279-4b61-992f-83a391d8dbe9.png
    https://d34iuop8pidsy8.cloudfront.net/2e7fefaa-a3c5-489f-b5e9-68631a380c91.png
    Threat Actors: GreyMan
    Victim Country: India
    Victim Industry: E-commerce & Online Stores
    Victim Organization: droom
    Victim Site: droom.in
  58. Alleged data breach of National Gendarmerie
    Category: Data Breach
    Content: The threat actor claims to have breached 65k rows of data from the National Gendarmerie, allegedly containing IDs, names, mobile numbers, email addresses, and more.
    Date: 2026-02-20T11:15:03Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-DATABASE-gendarmerie-interieur-gouv-fr-Employee-data
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/27813fe9-2dfa-42b5-afeb-e936ab61fbca.png
    https://d34iuop8pidsy8.cloudfront.net/13e6eca8-f85e-4ca8-8e92-287d5cd07671.png
    Threat Actors: Angel_Batista
    Victim Country: France
    Victim Industry: Government Administration
    Victim Organization: national gendarmerie
    Victim Site: gendarmerie.interieur.gouv.fr
  59. Cyber Attack hits University of Mississippi Medical Center (UMMC)
    Category: Cyber Attack
    Content: University of Mississippi Medical Center (UMMC) confirmed a cybersecurity incident after detecting suspicious activity on its network. Several IT systems, including electronic medical records, were taken offline, leading to clinic closures and canceled procedures. The investigation is ongoing.
    Date: 2026-02-20T11:11:12Z
    Network: openweb
    Published URL: https://www.wlbt.com/2026/02/19/sources-say-ummc-suffers-cyber-attack/
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: USA
    Victim Industry: Hospital & Health Care
    Victim Organization: university of mississippi medical center (ummc)
    Victim Site: umc.edu
  60. Alleged leak of data belonging to multiple French government agents
    Category: Data Breach
    Content: The threat actor claims to have leaked data allegedly related to multiple French government agencies, including the DGSI, DGSE, National Gendarmerie, Police, Ministry of the Armed Forces, and CNIL.
    Date: 2026-02-20T11:08:36Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-COLLECTION-FR-DGSI-DGSE-D%C3%A9fence-Gendarmerie-Police-CNIL
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/aa7bf078-5fcd-447e-9fb9-7d4678dbf235.png
    https://d34iuop8pidsy8.cloudfront.net/d0e6b0f2-f717-4f3b-b783-21bf958e123c.png
    Threat Actors: HexDex
    Victim Country: France
    Victim Industry: Law Enforcement
    Victim Organization: government administration
    Victim Site: Unknown
  61. DEFACER INDONESIAN TEAM targets the website of Government of Bangli Regency
    Category: Defacement
    Content: The group claims to have defaced the website of Government of Bangli Regency
    Date: 2026-02-20T11:08:12Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/963
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/80c076cf-0d06-49d0-a51f-69b75a10e1e9.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: government of bangli regency
    Victim Site: wangitarumenyan.banglikab.go.id
  62. Alleged leak of login credentials to Kementerian Ketenagakerjaan Republik Indonesia
    Category: Data Breach
    Content: The group claims to have leaked login credentials to Kementerian Ketenagakerjaan Republik Indonesia.
    Date: 2026-02-20T10:47:27Z
    Network: telegram
    Published URL: https://t.me/c/1943303299/1071930
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6f2cc61e-027b-45e0-ac20-bb3ed0703138.png
    Threat Actors: A K U L A v 2 . 2
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: kementerian ketenagakerjaan republik indonesia
    Victim Site: binalattas.kemnaker.go.id
  63. Alleged Unauthorized Access to CCTV Systems in Spain
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to CCTV systems in Spain.
    Date: 2026-02-20T10:10:56Z
    Network: telegram
    Published URL: https://t.me/c/2787466017/2399
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cd70d3c1-f3d6-4726-b559-c57ab7820de1.png
    Threat Actors: NoName057(16)
    Victim Country: Spain
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  64. Alleged leak of login credentials to Hyderabad City Police
    Category: Data Breach
    Content: The group claims to have leaked login credentials to Hyderabad City Police.
    Date: 2026-02-20T10:04:35Z
    Network: telegram
    Published URL: https://t.me/c/2451084701/579517
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/348f9511-6ec1-4cf1-afdb-c99b1b66a881.png
    Threat Actors: Buscador
    Victim Country: India
    Victim Industry: Law Enforcement
    Victim Organization: hyderabad city police
    Victim Site: hyderabadpolice.cgg.gov.in
  65. France’s Ministry of Finance Suffers Data Breach
    Category: Data Breach
    Content: France’s Ministry of the Economy and Finance has confirmed unauthorized access to the national bank account registry (FICOBA), managed by the Directorate General of Public Finances (DGFiP).According to the official press release, a malicious actor compromised the login credentials of a government official and accessed part of the database containing sensitive financial and personal information.The affected data reportedly includes IBAN/RIB bank details, account holder identities, addresses, and in some cases, tax identification numbers. The registry contains information on approximately 1.2 million accounts. Authorities have implemented containment measures and launched an investigation.
    Date: 2026-02-20T08:58:02Z
    Network: openweb
    Published URL: https://x.com/lukolejnik/status/2024742640399384687?s=48
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: France
    Victim Industry: Government Administration
    Victim Organization: ministry of the economy and finance
    Victim Site: economie.gouv.fr
  66. BABAYO EROR SYSTEM targets the website of WirayanaGeo
    Category: Defacement
    Content: The group claims to have defaced the website of WirayanaGeo
    Date: 2026-02-20T08:33:46Z
    Network: telegram
    Published URL: https://t.me/BabayoErorSysteam2/176
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b2d7e529-f6b7-4add-bcb6-c79d77780b33.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: wirayanageo
    Victim Site: wirayanageo.com
  67. BABAYO EROR SYSTEM targets the website of MCSS99 ALUMNI
    Category: Defacement
    Content: The group claims to have defaced the website of MCSS99 ALUMNI
    Date: 2026-02-20T07:36:37Z
    Network: telegram
    Published URL: https://t.me/BabayoErorSysteam2/175
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/32f45f8f-9ccd-4f23-8654-98d5dac013e0.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Nigeria
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: mcss99 alumni
    Victim Site: divi.mcss99.com
  68. Alleged Data Breach of carousell
    Category: Data Breach
    Content: Threat actor claims to have leaked data belonging to Carousell SG, a Singapore-based C2C/B2C online marketplace. The exposed dataset is allegedly shared via publicly accessible download links.
    Date: 2026-02-20T06:56:49Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/276494/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4be328cf-dbf3-4839-bd3b-ad9f099be5e1.png
    Threat Actors: HighRisk
    Victim Country: Singapore
    Victim Industry: E-commerce & Online Stores
    Victim Organization: carousell
    Victim Site: carousell.sg
  69. Alleged data leak of Pango
    Category: Data Breach
    Content: Threat actor claims to have leaked data from Pango.
    Date: 2026-02-20T06:04:42Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/276434/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/09975488-40d3-4d29-b88c-6606beb7a97f.png
    Threat Actors: HighRisk
    Victim Country: USA
    Victim Industry: Computer & Network Security
    Victim Organization: pango
    Victim Site: pango.co
  70. 0xteam targets the website of Saini Real Estate
    Category: Defacement
    Content: The group claims to have defaced the website of Saini Real Estate.
    Date: 2026-02-20T06:02:21Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/241939
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bce02f86-132c-4e08-9709-2069bae0bb57.png
    Threat Actors: 0xteam
    Victim Country: Canada
    Victim Industry: Real Estate
    Victim Organization: saini real estate
    Victim Site: sainiteam.ca
  71. 0xteam targets the website of Blue Echo Realty Group
    Category: Defacement
    Content: The group claims to have defaced the website of Blue Echo Realty Group.
    Date: 2026-02-20T05:50:16Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/241921
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f1d21f56-385b-4749-834a-0b25dd5ad62f.png
    Threat Actors: 0xteam
    Victim Country: USA
    Victim Industry: Real Estate
    Victim Organization: blue echo realty group
    Victim Site: blueechorealty.com
  72. Alleged data breach of Wynn Resorts
    Category: Data Breach
    Content: A threat actor claims to have compromised over more than 800k+ records associated with Wynn Resorts. The allegedly exposed data is said to include PII (SSNs, etc.) and employee data.
    Date: 2026-02-20T04:53:03Z
    Network: tor
    Published URL: http://toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/44a6d3bc-60e2-4ec0-b30d-de979867644a.png
    Threat Actors: ShinyHunters
    Victim Country: USA
    Victim Industry: Hospitality & Tourism
    Victim Organization: wynn resorts
    Victim Site: wynnresorts.com
  73. Alleged Data leak of Documents from USA
    Category: Data Breach
    Content: Threat actor claims to be selling REALDOCS USA, offering real U.S. identity document packages allegedly sourced from personal channels. The listing advertises driver’s license images (front/back), selfies, and associated personal data, marketed for KYC verification and related uses, with bulk-only sales starting from 50 units.
    Date: 2026-02-20T04:48:51Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/276490/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/53ca0d4b-077a-44c3-b44b-4810e408b92c.png
    https://d34iuop8pidsy8.cloudfront.net/f785878f-2014-4be7-8351-8493c619d82d.png
    Threat Actors: BlackStoneX
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  74. 0xteam targets the website of Connecting
    Category: Defacement
    Content: The group claims to have defaced the website of Connecting.
    Date: 2026-02-20T04:45:40Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/241930
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fb504eab-cb39-47b5-98f3-ef1bdd7cf659.png
    Threat Actors: 0xteam
    Victim Country: Serbia
    Victim Industry: Professional Training
    Victim Organization: connecting
    Victim Site: obrazovanje4revoluciju.rs
  75. Alleged sale of RDP access to unidentified store
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access to an unidentified store in Brazil.
    Date: 2026-02-20T04:42:29Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/276487/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6e77e4f0-4004-4e6d-936c-8fb56c2864e9.png
    Threat Actors: DirkDiggler55
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  76. Alleged Data Breach of Stewart & Stevenson Colombia
    Category: Data Breach
    Content: Threat actor claims to be selling a 19GB database linked to Stewart & Stevenson Colombia. The dataset allegedly includes client contacts and orders (3,500+ records), an additional 220k+ related entries, internal documents (422 files), and company KYC and other corporate documents (36,661 files).NB: Authenticity of claim is yet to be verified
    Date: 2026-02-20T04:29:17Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/276491/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/95cf6534-e647-4d2a-8dab-b18239d27997.png
    Threat Actors: HighRisk
    Victim Country: Colombia
    Victim Industry: Energy & Utilities
    Victim Organization: stewart & stevenson colombia
    Victim Site: ssss.com.co
  77. m0z1ll4s targets the website of meu visual semijoias
    Category: Defacement
    Content: The group claims to have defaced the website of meu visual semijoias.
    Date: 2026-02-20T04:24:36Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/241946
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b188307c-b458-411f-aed5-d6c60998f33b.png
    Threat Actors: m0z1ll4s
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: meu visual semijoias
    Victim Site: meuvisualsemijoias.com
  78. Alleged data leak of Bluwalk
    Category: Data Breach
    Content: Threat actor claims to have leaked data from Bluwalk.
    Date: 2026-02-20T04:12:54Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/276493/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ae58513d-e457-45c8-b416-8b4c1cfe71e1.png
    Threat Actors: HighRisk
    Victim Country: Portugal
    Victim Industry: Information Technology (IT) Services
    Victim Organization: bluwalk
    Victim Site: bluwalk.com
  79. Alleged data leak of Immerda
    Category: Data Breach
    Content: Threat actor claims to have leaked data from Immerda.
    Date: 2026-02-20T04:02:53Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Immerda-ch-DATA-LEAK
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4b6c0a13-4dba-4b74-9a5d-23496c7875a2.png
    Threat Actors: l33tfg
    Victim Country: Switzerland
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: immerda
    Victim Site: immerda.ch
  80. Alleged data breach of Pi Fellowship database of Notre Dame Law School
    Category: Data Breach
    Content: The threat actor claims to have obtained internal data related to a fellowship program of Notre Dame Law School .The compromised data reportedly includes the Fellowship Name, detailed project descriptions, program location details, application deadlines, salary or stipend information, applicant qualification requirements, program duration and future prospects, along with official registration or reference links.
    Date: 2026-02-20T01:39:22Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-DATABASE-Database-Beasiswa-Fellowship-law-Pi-Fellowship
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e441d78d-8a66-45eb-ab60-b4ca8cee00c1.png
    Threat Actors: XZeeoneOfc
    Victim Country: USA
    Victim Industry: Higher Education/Acadamia
    Victim Organization: university of notre dame
    Victim Site: law.nd.edu
  81. Alleged Data Breach of Pares
    Category: Data Breach
    Content: Threat actor claims to have breached the database of Pares; the dataset contains structured contact records tied to platform users and business entities.
    Date: 2026-02-20T01:08:58Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-DATABASE-Pares-AI-Real-Estate-Database-Leaked-Download
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d20d00c0-11cf-4b42-9409-e0674601ac23.png
    Threat Actors: Sythe
    Victim Country: Unknown
    Victim Industry: Real Estate
    Victim Organization: pares
    Victim Site: pares.ai
  82. Alleged sale of admin access to unidentified store in New Zealand
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin access to an unidentified online store in New Zealand.
    Date: 2026-02-20T01:08:33Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/276428/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f918e347-0ac3-429f-9f73-2495c65a7f11.png
    Threat Actors: cosmodrome
    Victim Country: New Zealand
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  83. Alleged leak of login credentials to UAE PASS
    Category: Data Breach
    Content: The group claims to have leaked login credentials to UAE PASS
    Date: 2026-02-20T01:02:14Z
    Network: telegram
    Published URL: https://t.me/c/1943303299/1071124
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c7d697c5-46a8-4ace-b5a1-f5cdbc09bdc2.png
    Threat Actors: A K U L A v 2 . 2
    Victim Country: UAE
    Victim Industry: Government Administration
    Victim Organization: uae pass
    Victim Site: ids.uaepass.ae
  84. Alleged Sale of Ministry of Sports, Youth and Community Life Database
    Category: Data Breach
    Content: The threat actor claims to be selling the database of Ministry of Sports, Youth and Community Life, the dataset contains personally identifiable information tied to platform users.
    Date: 2026-02-20T00:59:17Z
    Network: openweb
    Published URL: https://breachforums.as/Thread-SELLING-FR-Minist%C3%A8re-des-sports-de-la-jeunesse-et-de-la-vie-associative
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1ec925e5-2b05-4494-9467-7d5a43be6301.png
    Threat Actors: DumpSec
    Victim Country: France
    Victim Industry: Government Administration
    Victim Organization: ministry of sports, youth and community life
    Victim Site: info.gouv.fr

Related Posts